Intel patches dozens of bugs

By

Baseboard management controller has authentication bypass.

Intel has released a 25-strong collection of security advisories, including one for a critical vulnerability in its baseboard management controller (BMC) firmware.

Intel patches dozens of bugs

Intel’s Integrated BMC and OpenBMC advisory covers five individual vulnerabilities including CVE-2021-39296, which Intel inherits from OpenBMC.

Crafted intelligent platform management interface (IPMI) messages allow an attacker to bypass authentication and obtain “full control of the system”.

Other BMC bugs include CVE-2022-35729, a denial-of-service via an out-of-bounds read in OpenBMC.

Among bugs rated as high risk, CVE-2022-25987 in Intel’s oneAPI toolkits offers network-based escalation of privilege for an unauthenticated attacker. 

The bug is described as an “improper handling of Unicode encoding in source code to be compiled by the Intel C++ Compiler Classic before version 2021.6 for Intel oneAPI Toolkits before version 2022.2”.

Some Atom and Xeon scalable processors may be subject to attack from an adjacent network in CVE-2022-21216, because of “insufficient granularity of access control”.

The company’s System Usage Report software is subject to a number of vulnerabilities that allow escalation of privilege and denial of service.

Another vulnerability has been found in Intel’s now-deprecated Software Guard eXtensions (SGX), as CVE-2022-33196.

Some memory controller configurations have incorrect default permissions allowing privilege escalation, but only via local access to a privileged user.

The full list of vulnerability disclosures is here.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Eagers Automotive finds unauthorised access to parts of IT systems

Eagers Automotive finds unauthorised access to parts of IT systems

Hackers hit Victoria's court recording database

Hackers hit Victoria's court recording database

St Vincent's Health Australia warns cyber attack forensics could "take some time"

St Vincent's Health Australia warns cyber attack forensics could "take some time"

Yakult Australia confirms cyber incident

Yakult Australia confirms cyber incident

Log In

  |  Forgot your password?